Comments (10)
Run the banip command "maxretries" times.
On 4/14/12, slacks42 wrote:
I'm using fail2ban version on debian stable, version 0.8.4-SVN. For some
reason fail2ban declines to ban ips with banip. If I try IP addresses that
are already banned I see a warning in fail2ban.log telling me that the IP is
already banned. But if I try to ban new IPs then nothing is happening, not
even when I ban them multiple times.
from fail2ban.
yeap, and see #31 which desires a more straightforward behavior
from fail2ban.
Hi, well that's the entire problem.... even when maxretry = 1, it still does not work after multiple iterations. So I'd like your suggestions to hunt this down.
It seems that addFailure is only used by banip in filter.py, could the bug be there?
I saw #31 and while it's related somewhat, it doesn't solve anything :-)
from fail2ban.
ah -- let's reopen then ;-) although not sure if we would do anything about it unless it replicates with the current master.
The Debian stable version is supported only for critical security and functionality issues, and this one is not one of them
from fail2ban.
and by "not working anymore" did you mean that it was working before and stopped working now? what has changed meanwhile?
from fail2ban.
Actually I'm not so sure if it ever worked. Semantics... I meant "not working even though a patch was added in the past."
I have tried to set maxretry = 1, maxretry = 2, findtime = 10, and repeatedly punched 'up, enter' so that it would add the ip manually.
Trying to trace it down. Looks like the actual action is done by addBannedIP which runs
self.failManager.addFailure(FailTicket(ip, unixTime))
return ip
ip is then returned and visible on the command line.
It looks as though addFailure (defined in failmanager.py) is only used by banip. I am not sure and can't really base it on anything solid but right now I have a feeling that ticket.py might have time issues... so if you have a second (grin) please look into that for me.
from fail2ban.
Or explain a simple data flow to me so I can track it down a bit better...
from fail2ban.
Finally found it. After doing 'banip', one has to 'touch $logfile'. That one triggers the actual banning. So the issue wasn't time or code but file change notification. Closing this bug... though one might want to omit the "file changed" check for banip. :-)
from fail2ban.
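A simplified model of the behaviour described in the comment above, added here as an illustration and not fail2ban's own code: the manual ban only queues a failure, and the queue is drained only when the poller sees the log file change. The class names, the `drain_always` flag (standing in for the suggestion to omit the "file changed" check) and the IP 192.0.2.10 are assumptions made for the example.

```python
import os, tempfile

class FailManager:
    """Toy queue of recorded failures; an IP is bannable at max_retry."""
    def __init__(self, max_retry=1):
        self.max_retry = max_retry
        self.counts = {}
        self.ready = []

    def add_failure(self, ip):
        self.counts[ip] = self.counts.get(ip, 0) + 1
        if self.counts[ip] >= self.max_retry and ip not in self.ready:
            self.ready.append(ip)

    def to_ban(self):
        ips, self.ready = self.ready, []
        return ips

class PollingFilter:
    """Toy poller: hands out bans only after noticing a log file change."""
    def __init__(self, logfile, fail_manager, drain_always=False):
        self.logfile = logfile
        self.fm = fail_manager
        self.drain_always = drain_always  # hypothetical fix, not a fail2ban option
        self.last_mtime = os.stat(logfile).st_mtime_ns

    def add_banned_ip(self, ip):
        # banip path as quoted in the thread: it only records a failure.
        self.fm.add_failure(ip)
        return ip

    def poll(self):
        mtime = os.stat(self.logfile).st_mtime_ns
        modified = mtime != self.last_mtime
        self.last_mtime = mtime
        # Queued tickets are released only if the log changed (or always, if fixed).
        return self.fm.to_ban() if modified or self.drain_always else []

def demo(drain_always=False):
    """Return (bans before touching the log, bans after touching it)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        flt = PollingFilter(path, FailManager(max_retry=1), drain_always)
        flt.add_banned_ip("192.0.2.10")  # constructed sample IP
        before = flt.poll()
        st = os.stat(path)  # emulate `touch $logfile` with a guaranteed new mtime
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))
        return before, flt.poll()
    finally:
        os.unlink(path)
```

With the change check in place the queued IP is released only after the touch; with `drain_always=True` it is released on the first poll.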
Is the bug with touching the logfile fixed?
I also cannot use banip without having to touch the syslog file...
I use v0.8.7
from fail2ban.
hmm.. it's like something else...
root@web1:~# touch /var/log/auth.log && touch /var/log/syslog
root@web1:~# fail2ban-helper -a restore && fail2ban-client status ssh
fail2ban-helper: 5 IPs restored
Status for the jail: ssh
|- filter
|  |- File list: /var/log/auth.log
|  |- Currently failed: 5
|  `- Total failed: 210
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned: 0
I issued the commands two times, in the hope it changes... but it is impossible to restore IPs :(
On some of my hosts it works.. but also not every time.. that's really buggy
I am using my package from https://launchpad.net/~thomas-creutz/+archive/fail2ban
from fail2ban.